<%
# Copyright (C) 2011 - present Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
%>

<% if can_do(@user, @current_user, :manage, :manage_user_details) %>
  <% css_bundle :user_logins %>
  <% js_bundle :user_logins %>
  <% js_env :PASSWORD_POLICY => (@domain_root_account.try(:password_policy) || {}) %>
  <fieldset id="login_information">
    <legend>
      <h4 class="profileHeader">
        {{#t}}Login Information{{/t}}
      </h4>
    </legend>
    <table class="ic-Table">
      <% pseudonyms = @user.all_active_pseudonyms + [nil] %>
      <% pseudonyms.each do |pseudonym| %>
        <tr class='login <%= 'blank' unless pseudonym %>' style="<%= hidden unless pseudonym %>">
          <td class='sso-icon'>
            <% if lookup_context.template_exists?("shared/svg/_svg_icon_#{pseudonym.try(:authentication_provider).try(:auth_type)}.svg") %>
              <%= render(partial: "shared/svg/svg_icon_#{pseudonym.authentication_provider.auth_type}.svg") %>
              <span class="screenreader-only">
                <%= t("This login is for %{provider}", provider: pseudonym.authentication_provider.class.display_name) %>
              </span>
            <% end %>
          </td>
          <th scope='row'>
            <b class='unique_id'><%= pseudonym && pseudonym.unique_id %></b>
            <% if pseudonym && ((pseudonym.sis_user_id && can_do(pseudonym.account, @current_user, :read_sis)) || can_do(pseudonym, @current_user, :manage_sis)) %>
              <div>
                <%= before_label('sis_id', 'SIS ID') %> <span id="sis_user_id_<%= pseudonym.id %>" class="sis_user_id"><%= pseudonym.sis_user_id %></span>
              </div>
              <div style="display:none" class="can_edit_sis_user_id"><%= can_do(pseudonym, @current_user, :manage_sis) %></div>
            <% end %>
            <% if pseudonym && ((pseudonym.integration_id && can_do(pseudonym.account, @current_user, :read_sis)) || can_do(pseudonym, @current_user, :manage_sis)) %>
                <div>
                  <%= before_label('integration_id', 'Integration ID') %> <span id="integration_id_<%= pseudonym.id %>" class="integration_id"><%= pseudonym.integration_id %></span>
                </div>
            <% end %>          </th>
          <td class='account'>
            <%= link_to(pseudonym ? pseudonym.account.name : nbsp, account_url(pseudonym ? pseudonym.account : "{{ account_id }}"), :class => 'account_name') %>
          </td>
          <td class='details'>
            <table class="ic-Table--condensed">
              <tr class='login_details'>
                <td scope="row"><%= before_label('last_request', 'Last request') %></td>
                <td><%= datetime_string(pseudonym.try(:last_request_at)) || t('never', "never") %></td>
              </tr>
              <tr class='login_details' style="<%= hidden if pseudonyms.length > 1 || !pseudonym %>">
                <td scope="row"><%= before_label('current_login', 'Current login') %></td>
                <td><%= datetime_string(pseudonym.try(:current_login_at)) || t('never', "never") %></td>
              </tr>
              <tr class='login_details' style="<%= hidden if pseudonyms.length > 1 || !pseudonym %>">
                <td scope="row"><%= before_label('current_ip', 'Current login IP') %></td>
                <td><%= pseudonym.try(:current_login_ip) || t('none', "none") %></td>
              </tr>
              <tr class='login_details' style="<%= hidden if pseudonyms.length > 1 || !pseudonym %>">
                <td scope="row"><%= before_label('last_login', 'Last login') %></td>
                <td><%= datetime_string(pseudonym.try(:last_login_at)) || t('never', "never") %></td>
              </tr>
              <tr class='login_details' style="<%= hidden if pseudonyms.length > 1 || !pseudonym %>">
                <td scope="row"><%= before_label('last_ip', 'Last login IP') %></td>
                <td><%= pseudonym.try(:last_login_ip) || t('none', "none") %></td>
              </tr>
            </table>
            <% if pseudonyms.length > 1 || !pseudonym %>
              <a href="#" class="login_details_link">{{#t}}more...{{/t}}</a>
            <% end %>
          </td>
          <% if !pseudonym || can_do(pseudonym, @current_user, :update) %>
            <td class='links <%= 'passwordable' if pseudonym && can_do(pseudonym, @current_user, :change_password) %> <%= 'delegated-auth' if pseudonym && !pseudonym.account.canvas_authentication? %>'>
              <a href="#" rel="<%= user_pseudonym_url(@user.id, pseudonym ? pseudonym.id : "{{ id }}") %>" class="edit_pseudonym_link" data-account-id="<%= pseudonym.account.id if pseudonym %>"><i class="icon-edit standalone-icon"></i></a>
              <a href="#" rel="<%= user_pseudonym_url(@user.id, pseudonym ? pseudonym.id : "{{ id }}") %>" class="delete_pseudonym_link" style="<%= hidden if pseudonyms.length <= 2 || (pseudonym && !can_do(pseudonym, @current_user, :delete)) %>"><i class="icon-end standalone-icon"></i></a>
            </td>
          <% else %>
            <td>&nbsp;</td>
          <% end %>
        </tr>
      <% end %>
      <% can_add_pseudonym = can_do(@user.pseudonyms.build(account: @domain_root_account), @current_user, :create) %>
      <% can_reset_mfa = @user.otp_secret_key && can_do(@user, @current_user, :reset_mfa) %>
      <% if can_add_pseudonym || can_reset_mfa %>
        <tr class="add_holder">
          <td colspan="5">
            <% if can_add_pseudonym %>
              <a href="#" rel="<%= user_pseudonyms_url(@user.id) %>" class="add_pseudonym_link">{{#t}}Add Login{{/t}}</a>
            <% end %>
            <% if can_add_pseudonym && can_reset_mfa %> | <% end %>
            <% if can_reset_mfa %>
              <a href="<%= disable_mfa_path(@user) %>" class="reset_mfa_link">{{#t}}Reset Multi-Factor Authentication{{/t}}</a>
            <% end %>
          </td>
        </tr>
      <% end %>
    </table>
  </fieldset>
  <%= form_for :pseudonym, :url => user_pseudonyms_url(@user.id),
               :html => {:id => 'edit_pseudonym_form', :class => 'form-dialog form-horizontal',
                         :style => 'display: none;'} do |f| %>
    <table class="formtable" style="margin-top: 20px;">
      <tr>
        <td><%= f.blabel :unique_id, :en => "Login" %></td>
        <td><%= f.text_field :unique_id %></td>
      </tr>
      <tr style="display:none;" class="sis_user_id">
        <td><%= f.blabel :sis_user_id, :en => "SIS ID" %></td>
        <td><%= f.text_field :sis_user_id %></td>
      </tr>
      <tr style="display:none;" class="integration_id">
        <td><%= f.blabel :integration_id, :en => "Integration ID" %></td>
        <td><%= f.text_field :integration_id %></td>
      </tr>
      <% if can_do(Account.site_admin, @current_user, :manage_user_logins) %>
        <% js_env :PASSWORD_POLICIES => Hash[Account.root_accounts.active.map{ |a| [a.id, a.password_policy]}] %>
        <tr class="account_id">
          <td><%= f.blabel :account_id, :en => "Account" %></td>
          <td>
            <%
              accounts = Account.root_accounts
                .active
                .map { |a| [(a.name || t("Unnamed Account (%{id})", id: a.id)), a.id] }
                .sort_by(&:first)
            %>
            <%= f.select :account_id, accounts, {:selected => @domain_root_account.id}, :class => "account_id_select" %>
          </td>
        </tr>
      <% else %>
        <tr style="display: none;">
          <td class="default_account_name"><%= @domain_root_account.name %></td>
        </tr>
      <% end %>
      <tr class="password">
        <td><%= f.blabel :password, :en => "Password" %></td>
        <td><%= f.password_field :password %></td>
      </tr>
      <tr class="password">
        <td><%= f.blabel :password_confirmation, :en => "Confirm Password" %></td>
        <td><%= f.password_field :password_confirmation %></td>
      </tr>
      <!-- explicit width is sad, but the dialog auto width will make the
           dialog crazy wide before wrapping the text otherwise -->
      <tr class="delegated">
        <td colspan="2" style="width: 300px;">
          <div class="hint-text">
            <%= t do %>
              Note: This login's account uses delegated authentication, but
              allows fallback Canvas password authentication. The password
              fields in this form update the fallback Canvas password,
              <b>not</b> the delegated authentication.
            <% end %>
          </div>
        </td>
      </tr>
    </table>

    <div class='form-controls'>
      <button type="button" class="btn cancel_button">{{#t}}Cancel{{/t}}</button>
      <button type="submit" class="btn btn-primary submit_button">{{#t}}Update Login{{/t}}</button>
    </div>
  <% end %>
<% end %>
